Summary of Security Items from February 4 through February 17, 2004
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
Publications by US-CERT
Vulnerabilities in Microsoft ASN.1 Library
Multiple integer overflow vulnerabilities in the Microsoft Windows
ASN.1 parser library could allow an unauthenticated, remote attacker
to execute arbitrary code with SYSTEM privileges.
- TA04-041A: Multiple Vulnerabilities in Microsoft ASN.1 Library
- VU#216324: Microsoft ASN.1 Library improperly decodes malformed ASN.1 length values
- VU#583108: Microsoft ASN.1 Library improperly decodes constructed bit strings
Vulnerabilities in Check Point Firewall-1
Both the AI and HTTP Security Server features of Firewall-1 contain an
HTTP parsing vulnerability that is triggered by sending an invalid
HTTP request through the firewall. This vulnerability allows remote
attackers to execute arbitrary code on affected firewalls with
administrative privileges, typically "SYSTEM" or "root".
- TA04-036A: HTTP Parsing Vulnerabilities in Check Point Firewall-1
- VU#790771: HTTP Parsing Vulnerabilities in Check Point Firewall-1
VU#277396: GNU Radius accounting service fails to properly handle exceptional Acct-Status-Type and Acct-Session-Id attributes
The GNU Radius accounting service fails to properly handle packets
with exceptional Acct-Status-Type and Acct-Session-Id attributes.
VU#473814: Multiple Real media players vulnerable to buffer overflow when parsing crafted media files
Multiple Real media players are vulnerable to a buffer overflow when parsing
certain media files, which may permit an attacker to execute arbitrary
code on the user's system.
VU#473902: Multiple Real media players fail to properly validate SMIL files
Multiple Real media players fail to properly validate synchronized
multimedia integration language (SMIL) files, which may permit a remote
attacker to gain sensitive information.
VU#514734: Multiple Real media players fail to properly validate RMP files
Multiple Real media players fail to properly validate RealJukebox
Metadata Package (RMP) files, which may permit an attacker to download
and execute arbitrary code on the user's system.
VU#873334: Check Point ISAKMP vulnerable to buffer overflow via Certificate Request
A buffer overflow vulnerability exists in the Internet Security
Association and Key Management Protocol (ISAKMP) implementation used
in Check Point VPN-1, SecuRemote, and SecureClient products. An
unauthenticated, remote attacker could execute arbitrary code with the
privileges of the ISAKMP process, typically root or SYSTEM.
Publications by Vendors
Conectiva
- vim - Arbitrary commands execution through modelines (02-10-04)
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000812
- Gaim - Several remote vulnerabilities (02-10-04)
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000813
- Libtool - Insecure handling of temporary files (02-05-04)
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000811
Debian
- DSA-433-1 kernel-patch-2.4.17-mips -- integer overflow (02-04-04)
http://www.debian.org/security/2004/dsa-433
- DSA-434-1 gaim -- several vulnerabilities (02-05-04)
http://www.debian.org/security/2004/dsa-434
- DSA-435-1 mpg123 -- heap overflow (02-06-04)
http://www.debian.org/security/2004/dsa-435
- DSA-436-1 mailman -- several vulnerabilities (02-08-04)
http://www.debian.org/security/2004/dsa-436
- DSA-437-1 cgiemail -- open mail relay (02-11-04)
http://www.debian.org/security/2004/dsa-437
Fedora
- Fedora Security Update Notification netpbm-9.24-12.1.1 (02-06-04)
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00003.html
- Fedora Core 1 Update: mc-4.6.0-8.4 (02-09-04)
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00006.html
- Updated kernel packages. (02-11-04)
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00011.html
- Fedora Core 1 Update: mutt-1.4.1-5 (02-11-04)
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00015.html
- Fedora Core 1 Update: XFree86-4.3.0-55 (02-13-04)
http://www.redhat.com/archives/fedora-announce-list/2004-February/msg00018.html
FreeBSD
- shmat reference counting bug (02-05-04)
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.a
Gentoo
- Gallery = 1.4.1 remote exploit vulnerability (02-04-04)
http://forums.gentoo.org/viewtopic.php?t=135484
- phpMyAdmin 2.5.6-rc1 directory traversal attack (02-05-04)
http://forums.gentoo.org/viewtopic.php?t=137978
- Linux kernel AMD64 ptrace vulnerability (02-06-04)
http://forums.gentoo.org/viewtopic.php?t=137979
Hewlett Packard
- HPSBUX0311-294 SSRT3656 rev.1 NLSPATH may contain any path (02-10-04)
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0311-294
- HPSBUX0310-290 SSRT3622 rev. 1 Bind v920 (02-08-04)
http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0310-290
Mandrake
- Updated glibc packages fix resolver vulnerabilities (02-04-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:009
- Updated nautilus package fix crash (02-11-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKA-2004:010
- Updated mutt packages fix remote crash (02-11-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:010
- Updated NetPBM packages fix a number of temporary file bugs (02-11-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:011
- Updated XFree86 packages fix buffer overflow vulnerabilities (02-13-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:012
- Updated mailman packages close various cross-site scripting vulnerabilities (02-13-04)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:013
Microsoft
- Vulnerability in Virtual PC for Mac could lead to privilege elevation (02-10-04)
http://www.microsoft.com/security/security_bulletins/20040210_virtualpcmac.asp
- ASN.1 Vulnerability Could Allow Code Execution (02-10-04)
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-007.asp
- Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (02-10-04)
http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS04-006.asp
Novell
- iChain 2.2 Field Patch 3b (02-05-04)
http://support.novell.com/cgi-bin/search/searchtid.cgi?/2968107.htm
OpenBSD
- Several buffer overflows exist in the code parsing font.aliases files in XFree86. Thanks to ProPolice, these cannot be exploited to gain privileges, but they can cause the X server to abort (02-14-04)
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/012_font.patch
- An IPv6 MTU handling problem exists that could be used by an attacker to cause a denial of service attack against hosts with reachable IPv6 TCP ports (02-08-04)
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/011_ip6.patch
- A reference counting bug exists in the shmat(2) system call that could be used by an attacker to write to kernel memory under certain circumstances. (02-05-04)
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.4/common/010_sysvshm.patch
Red Hat
- Updated NetPBM packages fix multiple temporary file vulnerabilities (02-05-04)
https://rhn.redhat.com/errata/RHSA-2004-030.html
- Updated mailman packages close cross-site scripting vulnerabilities (02-05-04)
https://rhn.redhat.com/errata/RHSA-2004-020.html
- Updated mutt packages fix remotely-triggerable crash (02-11-04)
https://rhn.redhat.com/errata/RHSA-2004-051.html
- Updated XFree86 packages fix privilege escalation vulnerability (02-13-04)
https://rhn.redhat.com/errata/RHSA-2004-059.html
- Updated PWLib packages fix protocol security issues (02-13-04)
https://rhn.redhat.com/errata/RHSA-2004-048.html
SGI
- userland binary vulnerabilities update (02-05-04)
ftp://patches.sgi.com/support/free/security/advisories/20040104-02-P.asc
- SGI Advanced Linux Environment security update #10 (02-11-04)
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Slackware
- XFree86 security update (SSA:2004-043-02) (02-12-04)
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
- mutt security update (SSA:2004-043-01) (02-12-04)
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405607
Sun Microsystems
- Buffer Overflow Vulnerability in the CDE DtHelp Library May Allow Unauthorized "root" Access (02-06-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57414&zone_32=category%3Asecurity
- Security Issue with kcms_server Daemon (02-10-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50104&zone_32=category%3Asecurity
- Security Vulnerability in the Apache Web Server "mod_alias" and "mod_rewrite" Modules (02-10-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57496&zone_32=category%3Asecurity
- Security Issue Involving the Solaris sadmind(1M) Daemon (02-11-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F56740&zone_32=category%3Asecurity
- SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols (02-12-04)
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57475&zone_32=category%3Asecurity
Trustix
- Mutt Remote Crash (02-13-04)
http://www.trustix.org/errata/misc/2004/TSL-2004-0006-mutt.asc.txt
Turbolinux
- The KDE team has found a buffer overflow in the file information reader of VCF files (02-05-04)
http://www.turbolinux.com/security/2004/TLSA-2004-4.txt
- Font file buffer overflows (02-17-04)
http://www.turbolinux.com/security/2004/TLSA-2004-5.txt
- Two buffer overflow vulnerabilities were found in slocate (02-17-04)
http://www.turbolinux.com/security/2004/TLSA-2004-6.txt
Publications by Third Parties
AusCERT
- SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols (02-16-04)
http://www.auscert.org.au/render.html?it=3857&cid=1
- New gnupg packages fix cryptographic weakness (02-16-04)
http://www.auscert.org.au/render.html?it=3856&cid=1
- Updated PWLib packages fix protocol security issues (02-16-04)
http://www.auscert.org.au/render.html?it=3852&cid=1
- Updated XFree86 packages fix privilege escalation vulnerability (02-16-04)
http://www.auscert.org.au/render.html?it=3851&cid=1
- Updated XFree86 packages fix privilege escalation vulnerability (02-16-04)
http://www.auscert.org.au/render.html?it=3850&cid=1
- Updated XFree86 packages fix privilege escalation vulnerability (02-16-04)
http://www.auscert.org.au/render.html?it=3849&cid=1
- Updated mutt packages fix remotely-triggerable crash (02-16-04)
http://www.auscert.org.au/render.html?it=3848&cid=1
- Updated mutt packages fix remotely-triggerable crash (02-16-04)
http://www.auscert.org.au/render.html?it=3847&cid=1
- "Police investigation" Fraudulent E-mail and Malicious Web Site (02-16-04)
http://www.auscert.org.au/render.html?it=3858&cid=1
- Security Vulnerability in the Apache Web Server "mod_alias" and "mod_rewrite" Modules (02-13-04)
http://www.auscert.org.au/render.html?it=3845&cid=1
- Security Issue with kcms_server Daemon (02-13-04)
http://www.auscert.org.au/render.html?it=3844&cid=1
- New cgiemail packages fix open mail relaying (02-13-04)
http://www.auscert.org.au/render.html?it=3843&cid=1
- SunPlex (Sun Cluster) Multiple Security Vulnerabilities in OpenSSL SSL and TLS Protocols (02-11-04)
http://www.auscert.org.au/render.html?it=3840&cid=1
- Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (02-11-04)
http://www.auscert.org.au/render.html?it=3837&cid=1
- Vulnerability in Virtual PC for Mac Could Lead to Privilege Elevation (02-11-04)
http://www.auscert.org.au/render.html?it=3836&cid=1
- Samba 3.0.2 Security Bug-Fixes (02-11-04)
http://www.auscert.org.au/render.html?it=3839&cid=1
- XFree86 Font Information File Buffer Overflow (02-11-04)
http://www.auscert.org.au/render.html?it=3838&cid=1
- Multiple Vulnerabilities in Microsoft ASN.1 Library (02-11-04)
http://www.auscert.org.au/render.html?it=3835&cid=1
- Updated Gaim packages fix security vulnerabilities (02-10-04)
http://www.auscert.org.au/render.html?it=3833&cid=1
- Buffer Overflow Vulnerability in the CDE DtHelp Library (02-10-04)
http://www.auscert.org.au/render.html?it=3832&cid=1
- Multiple Vulnerabilities in RealOne Player and RealPlayer (02-09-04)
http://www.auscert.org.au/render.html?it=3831&cid=1
- Updated NetPBM packages fix multiple temporary file vulnerabilities (02-09-04)
http://www.auscert.org.au/render.html?it=3830&cid=1
- Updated mailman packages close cross-site scripting vulnerabilities (02-09-04)
http://www.auscert.org.au/render.html?it=3829&cid=1
- Userland Binary Vulnerabilities Update (02-09-04)
http://www.auscert.org.au/render.html?it=3828&cid=1
- New mailman packages fix several vulnerabilities (02-09-04)
http://www.auscert.org.au/render.html?it=3827&cid=1
- New mpg123 packages fix heap overflow (02-09-04)
http://www.auscert.org.au/render.html?it=3826&cid=1
- IPv6 MTU handling problem (02-09-04)
http://www.auscert.org.au/render.html?it=3825&cid=1
- Reference counting bug in shmat(2) (02-06-04)
http://www.auscert.org.au/render.html?it=3824&cid=1
- Updated NetPBM packages fix multiple temporary file vulnerabilities (02-06-04)
http://www.auscert.org.au/render.html?it=3823&cid=1
- Updated mailman packages close cross-site scripting vulnerabilities (02-06-04)
http://www.auscert.org.au/render.html?it=3822&cid=1
- shmat reference counting bug (02-06-04)
http://www.auscert.org.au/render.html?it=3821&cid=1
- HTTP Parsing Vulnerabilities in Check Point Firewall-1 (02-06-04)
http://www.auscert.org.au/render.html?it=3819&cid=1
- GNU Radius Remote Denial of Service Vulnerability (02-05-04)
http://www.auscert.org.au/render.html?it=3818&cid=1
- Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities (02-05-04)
http://www.auscert.org.au/render.html?it=3815&cid=1
- Basic Security Module (BSM) Functionality is Impaired on Solaris Systems Which Have Removed The SUNWscpu Package (02-05-04)
http://www.auscert.org.au/render.html?it=3814&cid=1
- New Linux 2.4.17 packages fix local root exploit (mips+mipsel) (02-05-04)
http://www.auscert.org.au/render.html?it=3813&cid=1
- Multiple Vulnerabilities in Microsoft Internet Explorer (02-05-04)
http://www.auscert.org.au/render.html?it=3812&cid=1
- Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow (02-05-04)
http://www.auscert.org.au/render.html?it=3816&cid=1
- Sun ONE/iPlanet Web Server Enable HTTP TRACE Method by Default (02-04-04)
http://www.auscert.org.au/render.html?it=3811&cid=1
- Updated kernel packages resolve minor security vulnerabilities (02-04-04)
http://www.auscert.org.au/render.html?it=3810&cid=1
- Updated util-linux packages fix information leak (02-04-04)
http://www.auscert.org.au/render.html?it=3809&cid=1
- Updated mc packages resolve buffer overflow vulnerability (02-04-04)
http://www.auscert.org.au/render.html?it=3808&cid=1
- Cisco 6000/6500/7600 Crafted Layer 2 Frame Vulnerability (02-04-04)
http://www.auscert.org.au/render.html?it=3807&cid=1
F-Secure
- Bagle.B (02-17-04)
http://www.f-secure.com/v-descs/bagle_b.shtml
- MyDoom.E (02-17-04)
http://www.f-secure.com/v-descs/mydoom_e.shtml
- Moodown (02-17-04)
http://www.f-secure.com/v-descs/moodown.shtml
- Lasku (02-16-04)
http://www.f-secure.com/v-descs/lasku.shtml
- Welchi.B (02-16-04)
http://www.f-secure.com/v-descs/welchi_b.shtml
- Mydoom (02-12-04)
http://www.f-secure.com/v-descs/novarg.shtml
- Mitglieder.H (02-12-04)
http://www.f-secure.com/v-descs/mitglieder_h.shtml
- Doomjuice.B (02-12-04)
http://www.f-secure.com/v-descs/doomjuiceb.shtml
- Doomjuice (02-11-04)
http://www.f-secure.com/v-descs/doomjuice.shtml
- Vesser (02-09-04)
http://www.f-secure.com/v-descs/vesser.shtml
- Cardown.B (02-06-04)
http://www.f-secure.com/v-descs/cardown_b.shtml
- Needy.C (02-06-04)
http://www.f-secure.com/v-descs/needy_c.shtml
- Mimail.T (02-05-04)
http://www.f-secure.com/v-descs/mimail_t.shtml
- Lovsan.H (02-04-04)
http://www.f-secure.com/v-descs/lovsanh.shtml
ISS
- Microsoft ASN.1 Integer Manipulation Vulnerabilities (02-11-04)
http://xforce.iss.net/xforce/alerts/id/164
- Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities (02-04-04)
http://xforce.iss.net/xforce/alerts/id/162
- Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow (02-04-04)
http://xforce.iss.net/xforce/alerts/id/163
- AS04-07 (02-16-04)
http://xforce.iss.net/xforce/alerts/id/AS04-07
- AS04-06 (02-09-04)
http://xforce.iss.net/xforce/alerts/id/AS04-06
Network Associates
- W32/Bagle.b@MM (02-17-04)
http://vil.nai.com/vil/content/v_101030.htm
- W32/Nodoom.a@MM (02-17-04)
http://vil.nai.com/vil/content/v_101029.htm
- Phish-Potpor (02-16-04)
http://vil.nai.com/vil/content/v_101028.htm
- W32/Netsky.a@MM (02-16-04)
http://vil.nai.com/vil/content/v_101027.htm
- Exploit-MS04-007 (02-14-04)
http://vil.nai.com/vil/content/v_101026.htm
- W32/Mydoom.e@MM (02-13-04)
http://vil.nai.com/vil/content/v_101024.htm
- W32/Mimail.u@MM (02-13-04)
http://vil.nai.com/vil/content/v_101021.htm
- W32/Doomhunter.worm (02-12-04)
http://vil.nai.com/vil/content/v_101022.htm
- Kurda joke (02-12-04)
http://vil.nai.com/vil/content/v_101020.htm
- VBS/Lucave (02-12-04)
http://vil.nai.com/vil/content/v_101017.htm
- W32/Vesser.worm.b (02-12-04)
http://vil.nai.com/vil/content/v_101015.htm
- Exploit-Mydoom (02-12-04)
http://vil.nai.com/vil/content/v_101014.htm
- W32/Nachi.worm.b (02-11-04)
http://vil.nai.com/vil/content/v_101013.htm
- W32/Doomjuice.worm.b (02-10-04)
http://vil.nai.com/vil/content/v_101012.htm
- Adware-BuddyLinks application (02-10-04)
http://vil.nai.com/vil/content/v_101007.htm
- W32/Yenik.worm (02-10-04)
http://vil.nai.com/vil/content/v_101005.htm
- W32/Dumaru.ad@MM (02-10-04)
http://vil.nai.com/vil/content/v_101004.htm
- MS Vulnerabilities MS04-005-007 (02-10-04)
http://vil.nai.com/vil/content/v_101003.htm
- W32/Doomjuice.worm.a (02-09-04)
http://vil.nai.com/vil/content/v_101002.htm
- QReg-9 (02-08-04)
http://vil.nai.com/vil/content/v_101011.htm
- W32/Vesser.worm.a (02-07-04)
http://vil.nai.com/vil/content/v_101000.htm
- W32/Holar.r@MM (02-06-04)
http://vil.nai.com/vil/content/v_100999.htm
- VBS/Qoma@MM (02-06-04)
http://vil.nai.com/vil/content/v_100998.htm
- W32/Mimail.t@MM (02-05-04)
http://vil.nai.com/vil/content/v_100996.htm
SANS
- SANS NewsBites #6 (02-11-04)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=6&issue=6
- SANS NewsBites #5 (02-04-04)
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=6&issue=5
- @RISK: The Consensus Security Vulnerability Alert #6 (02-12-04)
http://www.sans.org/newsletters/risk/vol3_6.php
- @RISK: The Consensus Security Vulnerability Alert #5 (02-05-04)
http://www.sans.org/newsletters/risk/vol3_5.php
Sophos
- W32/Tanx-A (02-17-04)
http://www.sophos.com/virusinfo/analyses/w32tanxa.html
- W32/Agobot-CW (02-17-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcw.html
- Dial/PVM-A (02-17-04)
http://www.sophos.com/virusinfo/analyses/dialpvma.html
- Troj/Gina-F (02-17-04)
http://www.sophos.com/virusinfo/analyses/trojginaf.html
- W32/Lohav-D (02-17-04)
http://www.sophos.com/virusinfo/analyses/w32lohavd.html
- Troj/Digarix-B (02-17-04)
http://www.sophos.com/virusinfo/analyses/trojdigarixb.html
- W32/Mylab-A (02-17-04)
http://www.sophos.com/virusinfo/analyses/w32mylaba.html
- Troj/Chkmail-A (02-17-04)
http://www.sophos.com/virusinfo/analyses/trojchkmaila.html
- Troj/Format-CK (02-17-04)
http://www.sophos.com/virusinfo/analyses/trojformatck.html
- W32/Deadhat-B (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32deadhatb.html
- W32/Sdbot-AE (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32sdbotae.html
- W32/Agobot-CY (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcy.html
- W32/Agobot-CZ (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcz.html
- W32/Agobot-AP (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32agobotap.html
- Troj/Bckdr-ATR (02-16-04)
http://www.sophos.com/virusinfo/analyses/trojbckdratr.html
- Troj/Mirseed-A (02-16-04)
http://www.sophos.com/virusinfo/analyses/trojmirseeda.html
- W32/Dumaru-AH (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32dumaruah.html
- W32/MyDoom-E (02-16-04)
http://www.sophos.com/virusinfo/analyses/w32mydoome.html
- Troj/Pinbol-A (02-13-04)
http://www.sophos.com/virusinfo/analyses/trojpinbola.html
- W32/DoomHunt-A (02-13-04)
http://www.sophos.com/virusinfo/analyses/w32doomhunta.html
- W32/Nachi-B (02-12-04)
http://www.sophos.com/virusinfo/analyses/w32nachib.html
- W32/Doomjuice-B (02-11-04)
http://www.sophos.com/virusinfo/analyses/w32doomjuiceb.html
- W32/Zryks-A (02-11-04)
http://www.sophos.com/virusinfo/analyses/w32zryksa.html
- Dial/HotKiss-A (02-11-04)
http://www.sophos.com/virusinfo/analyses/dialhotkissa.html
- Troj/Aladinz-B (02-11-04)
http://www.sophos.com/virusinfo/analyses/trojaladinzb.html
- Troj/PcGhost-E (02-11-04)
http://www.sophos.com/virusinfo/analyses/trojpcghoste.html
- W32/Order-A (02-11-04)
http://www.sophos.com/virusinfo/analyses/w32ordera.html
- W32/Protoride-C (02-11-04)
http://www.sophos.com/virusinfo/analyses/w32protoridec.html
- W32/Yenik-A (02-11-04)
http://www.sophos.com/virusinfo/analyses/w32yenika.html
- W32/Deadhat-A (02-10-04)
http://www.sophos.com/virusinfo/analyses/w32deadhata.html
- W32/Wukill-B (02-10-04)
http://www.sophos.com/virusinfo/analyses/w32wukillb.html
- XM97/Likin-C (02-10-04)
http://www.sophos.com/virusinfo/analyses/xm97likinc.html
- W32/Agobot-CX (02-10-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcx.html
- Troj/SdBot-CA (02-10-04)
http://www.sophos.com/virusinfo/analyses/trojsdbotca.html
- W32/SdBot-AQ (02-10-04)
http://www.sophos.com/virusinfo/analyses/w32sdbotaq.html
- Troj/WrmDrop-A (02-10-04)
http://www.sophos.com/virusinfo/analyses/trojwrmdropa.html
- VBS/Qoma-A (02-10-04)
http://www.sophos.com/virusinfo/analyses/vbsqomaa.html
- Troj/Sdbot-FN (02-10-04)
http://www.sophos.com/virusinfo/analyses/trojsdbotfn.html
- W32/Doomjuice-A (02-09-04)
http://www.sophos.com/virusinfo/analyses/w32doomjuicea.html
- Troj/Myss-C (02-09-04)
http://www.sophos.com/virusinfo/analyses/trojmyssc.html
- Troj/Startpg-BS (02-09-04)
http://www.sophos.com/virusinfo/analyses/trojstartpgbs.html
- Troj/Regldr-A (02-09-04)
http://www.sophos.com/virusinfo/analyses/trojregldra.html
- Troj/Kifer-B (02-09-04)
http://www.sophos.com/virusinfo/analyses/trojkiferb.html
- Bat/Macdwarf-A (02-09-04)
http://www.sophos.com/virusinfo/analyses/batmacdwarfa.html
- Troj/PWSSagi-B (02-09-04)
http://www.sophos.com/virusinfo/analyses/trojpwssagib.html
- Troj/Sdbot-HE (02-09-04)
http://www.sophos.com/virusinfo/analyses/trojsdbothe.html
- W32/SdBot-AD (02-09-04)
http://www.sophos.com/virusinfo/analyses/w32sdbotad.html
- Troj/Sdbot-FM (02-06-04)
http://www.sophos.com/virusinfo/analyses/trojsdbotfm.html
- W32/MyDoom-Dam (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32mydoomdam.html
- Troj/Spooner-D (02-06-04)
http://www.sophos.com/virusinfo/analyses/trojspoonerd.html
- W32/Agobot-CV (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcv.html
- Troj/Ranky-B (02-06-04)
http://www.sophos.com/virusinfo/analyses/trojrankyb.html
- W32/Agobot-RW (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotrw.html
- Troj/Median-A (02-06-04)
http://www.sophos.com/virusinfo/analyses/trojmediana.html
- Bat/Botsecure-A (02-06-04)
http://www.sophos.com/virusinfo/analyses/batbotsecurea.html
- W32/Agobot-CP (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcp.html
- W32/Agobot-O (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agoboto.html
- W32/Anig-A (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32aniga.html
- W32/Anig-B (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32anigb.html
- W32/Agobot-CQ (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcq.html
- W32/Agobot-CR (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcr.html
- W32/Agobot-CT (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotct.html
- W32/Agobot-CU (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32agobotcu.html
- W32/Randex-FC (02-06-04)
http://www.sophos.com/virusinfo/analyses/w32randexfc.html
Symantec
- W32.Beagle.B@mm (02-17-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.b@mm.html
- X97M.Ellar.F (02-16-04)
http://securityresponse.symantec.com/avcenter/venc/data/x97m.ellar.f.html
- W32.Kifer.B (02-16-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.kifer.b.html
- W32.Netsky@mm (02-16-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky@mm.html
- W32.HLLW.Cult.M@mm (02-15-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.cult.m@mm.html
- W32.Rusty@m (02-15-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.rusty@m.html
- W32.Welchia.C.Worm (02-15-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.c.worm.html
- VBS.Laske@mm (02-13-04)
http://securityresponse.symantec.com/avcenter/venc/data/vbs.laske@mm.html
- W32.Doomhunter (02-12-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.doomhunter.html
- W32.HLLW.Deadhat.B (02-12-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.b.html
- X97M.Esab (02-12-04)
http://securityresponse.symantec.com/avcenter/venc/data/x97m.esab.html
- Trojan.Bansap (02-12-04)
http://securityresponse.symantec.com/avcenter/venc/data/trojan.bansap.html
- Trojan.PWS.QQPass.F (02-12-04)
http://securityresponse.symantec.com/avcenter/venc/data/trojan.pws.qqpass.f.html
- W32.HLLP.Shodi (02-11-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.shodi.html
- W32.Welchia.B.Worm (02-11-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.b.worm.html
- W32.HLLW.Doomjuice.B (02-11-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.b.html
- W32.Dumaru.AH@mm (02-10-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.dumaru.ah@mm.html
- VBS.Bootconf.B (02-10-04)
http://securityresponse.symantec.com/avcenter/venc/data/vbs.bootconf.b.html
- W32.Kifer (02-10-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.kifer.html
- W32.HLLP.Yero.Worm (02-10-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllp.yero.worm.html
- W32.HLLW.Moega.AG (02-10-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.ag.html
- W32.Yenik.A@mm (02-10-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.yenik.a@mm.html
- Trojan.Gutta (02-09-04)
http://securityresponse.symantec.com/avcenter/venc/data/trojan.gutta.html
- W32.HLLW.Doomjuice (02-09-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.doomjuice.html
- Backdoor.IRC.Aladinz.J (02-08-04)
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.irc.aladinz.j.html
- W32.HLLW.Deadhat (02-06-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.deadhat.html
- W32.Dinfor.Worm (02-06-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.dinfor.worm.html
- Backdoor.Domwis (02-06-04)
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.domwis.html
- Backdoor.OptixPro.13.C (02-06-04)
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.optixpro.13.c.html
- W32.Mimail.T@mm (02-05-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.mimail.t@mm.html
- W32.HLLW.Gaobot.JB (02-05-04)
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.gaobot.jb.html
- Microsoft Windows ASN.1 Library Integer Handling Vulnerability (02-10-04)
http://securityresponse.symantec.com/avcenter/security/Content/9626.html
- Microsoft Windows Internet Naming Service Buffer Overflow Vulnerability (02-10-04)
http://securityresponse.symantec.com/avcenter/security/Content/9624.html
Trend Micro
- WORM_NODOOM.A (02-17-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NODOOM.A
- WORM_BAGLE.B (02-17-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_BAGLE.B
- WORM_NACHI.B (02-16-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NACHI.B
- WORM_DEADHAT.C (02-16-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DEADHAT.C
- WORM_NETSKY.A (02-16-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DEADHAT.C
- WORM_NETSKY.A (02-16-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MYDOOM.E
- PHP_BIZAI.A (02-14-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=PHP_BIZAI.A
- WORM_NACHI.C (02-13-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_NACHI.C
- WORM_DOOMHUNTR.A (02-13-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOOMHUNTR.A
- WORM_DEADHAT.B (02-12-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DEADHAT.B
- WORM_AGOBOT.JB (02-12-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JB
- WORM_DUMARU.AC (02-11-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DUMARU.AC
- WORM_DOOMJUICE.B (02-11-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOOMJUICE.B
- ASN_1.2_VULNERABILITY (02-11-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=ASN_1.2_VULNERABILITY
- WORM_REDWA.A (02-09-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_REDWA.A
- BAT_REDWA.A (02-09-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BAT_REDWA.A
- WORM_DOOMJUICE.A (02-09-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DOOMJUICE.A
- WORM_DEADHAT.A (02-08-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_DEADHAT.A
- WORM_AGOBOT.AL (02-07-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.AL
- WORM_AGOBOT.CT (02-07-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CT
- WORM_AGOBOT.CX (02-07-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.CX
- VBS_QOMA.A (02-06-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=VBS_QOMA.A
- WORM_HOLAR.F (02-05-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_HOLAR.F
- HTML_SWENFRAUD.A (02-05-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=HTML_SWENFRAUD.A
- WORM_MIMAIL.T (02-05-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MIMAIL.T
- WORM_SDBOT.EW (02-04-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.EW
- WORM_KWBOT.E (02-04-04)
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_KWBOT.E
UNIRAS
- Malicious Software Report - W32/Bagle.b@MM (02-17-04)
http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-0504.txt
- NISCC Assessment of Microsoft ASN.1 Library Vulnerabilities (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/alerts2004/alert-0404.txt
- AusCERT Updates: 1. Microsoft Product Support Services - Update released to address SSL issues. 2. Microsoft Product Support Services - Mydoom/Doomjuice Cleaner Tool Available (02-16-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7904.txt
- Sun Microsystems Security Bulletin: Multiple Security Vulnerabilities in OpenSSL Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Protocols. (02-16-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7804.txt
- Debian Security Bulletin: New gnupg packages fix cryptographic weakness. (02-16-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7704.txt
- Red Hat Security Bulletins: 1. Updated mutt packages fix remotely-triggerable crash. 2. Updated XFree86 packages fix privilege escalation vulnerability. 3. Updated PWLib packages fix protocol security issues. (02-16-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7604.txt
- Exploit Code For Microsoft Windows ASN.1 Vulnerabilities (02-14-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7504.txt
- Mandrake Linux Security Bulletins: 1. Temporary file bugs in versions of NetPBM. 2. A bug in mutt could allow a remote attacker to send a carefully crafted mail message. (02-13-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7404.txt
- Update to address issues related to SSL in Internet Explorer 6.0 Service Pack 1 after applying Microsoft Security Update MS04-004 (02-13-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7304.txt
- SGI Advanced Linux Environment security update #10 20040201-01-U (02-12-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7204.txt
- Red Hat Security Advisory Updated mutt packages fix remotely-triggerable crash RHSA-2004:051-01 (02-12-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7104.txt
- Red Hat Security Advisory Updated Gaim packages fix security vulnerabilities RHSA-2004:045-01 (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-7004.txt
- Red Hat Security Advisory Updated mailman packages close DoS vulnerability RHSA-2004:019-01 (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6904.txt
- Debian Security Advisory DSA 436-1 - mailman (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6804.txt
- Microsoft Windows Security Bulletin Summary for February 2004 (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6704.txt
- Microsoft Macintosh Products Security Bulletin Summary for February, 2004 (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6604.txt
- Hewlett Packard Advisories: SSRT3622 rev. 1 Bind v920 SSRT3656 rev.1 NLSPATH may contain any path (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6504.txt
- SUN(SM) ALERT WEEKLY SUMMARY REPORT (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6404.txt
- Multiple Vulnerabilities in Microsoft ASN.1 Library (02-11-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6304.txt
- Debian Security Advisory mpg123 - heap overflow (02-09-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6204.txt
- OpenBSD Security Advisory IPv6 MTU handling problem (02-09-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6104.txt
- Mandrake Linux Security Update Advisory: MDKSA-2004:009 - glibc (02-09-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-6004.txt
- Conectiva Security Bulletin: Insecure handling of temporary files. (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5904.txt
- SGI Security Bulletin: Userland binary vulnerabilities update. (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5804.txt
- US-CERT Security Bulletin: HTTP Parsing Vulnerabilities in Check Point Firewall-1 (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5704.txt
- Debian Security Bulletin: New gaim packages fix several vulnerabilities (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5604.txt
- FreeBSD Security Bulletin: shmat reference counting bug (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5504.txt
- Red Hat Security Bulletins: 1. Updated NetPBM packages fix multiple temporary file vulnerabilities. 2. Updated mailman packages close cross-site scripting vulnerabilities. (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5404.txt
- OpenBSD Security Bulletin: Reference counting bug in shmat(2) (02-06-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5304.txt
- Debian Security Bulletin: New Linux 2.4.17 packages fix local root exploit (mips+mipsel) (02-05-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5204.txt
- RealOne Player / RealPlayer Multiple Vulnerabilities (02-05-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5104.txt
- Sun Alert ID:57483 Basic Security Module (BSM) Functionality is Impaired on Solaris Systems Which Have Removed The SUNWscpu Package (02-05-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-5004.txt
- iDEFENSE Security Advisory 02.04.04 GNU Radius Remote Denial of Service Vulnerability (02-05-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4904.txt
- Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow (02-05-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4804.txt
- Check Point FireWall-1 HTTP Parsing Format String Vulnerabilities (02-05-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4704.txt
- FreeBSD Security Bulletin: ESB-2004.0081 -- FreeBSD-SA-04:01.mksnap_ffs mksnap_ffs clears file system options (02-04-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4604.txt
- Check Point Security Bulletin: ESB-2004.0082 -- Check Point Firewall-1 H.323 Vulnerability (02-04-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4504.txt
- Sun Security Bulletin: Sun ONE/iPlanet Web Server Enable HTTP TRACE Method by Default (02-04-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4404.txt
- Cisco 6000/6500/7600 Crafted Layer 2 Frame Vulnerability (02-04-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4304.txt
- Three RedHat Security Advisories: 1. Updated kernel packages resolve minor security vulnerabilities. 2. Updated util-linux packages fix information leak. 3. Updated mc packages resolve buffer overflow vulnerability (02-04-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4204.txt
- userland binary vulnerabilities (02-04-04)
http://www.uniras.gov.uk/l1/l2/l3/brief2004/brief-4104.txt
Copyright 2004 Carnegie Mellon University.